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(57) Abstract 

A novel system for secure electronic delivery of images for home viewing by end users. The system includes a long term archiving 
system for conversion of an image program into a digitized form, such as an image file, a headend system, and an end user system so 
that the digitized forms that are sent by the long term archiving subsystem are received by the headend subsystem and then relayed to the 
end-user subsystem for viewing by the end-users. This novel delivery method would change the delivery systems presently employed by 
the entertainment industry which includes a physical transportation oriented technology, analog broadcast transmission, non-real time or 
low resolution streaming video technology, to a new digital electronic approach. 
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System And Method For Stand ard 
And High Definition Video Delivery 

Field of the Invention 

This invention relates to delivery of images for viewing by end users such as residential 
consumers, public social or business gathering places, governmental agencies, and companies. 
More particularly, this invention relates to a system and method for secure electronic delivery 
of television programs, and other image and audio programs, and documents, in digital format 
to one or more end users. 

Description of the Related Art 

The current method of delivery of motion picture derived programs for home viewing is 
to convert the original negative film into an analog or digital program file using a telecine. The 
output of the telecine may be either in standard or high definition television format, and is then 
recorded on a magnetic tape master. Once the master tape is created, conversion to the format 
required or delivery such as NTSC, PAL, HDTV, etc. may be done. Duplication masters are 
then created for use in generating copies of the program such as VHS tapes and DVD disks, 
which are to be delivered to many end users. In addition, copies of programs may be delivered 
by transportation or satellite communications to broadcast stations which then broadcast such 
programs to end users. 

This conventional delivery method suffers from several disadvantages. First, there are 
many opportunities for piracy (unauthorized copying) due to the fact that many copies are 
made and distributed, and the program owner has, as a practical matter, no control over the 
copies after they are distributed. Second, conventional distribution means such as retail stores 
are expensive. Third, the current method of distribution of video programs via the Internet, 
broadcast, or by satellite communications provides real time video at resolutions of less than 1 
million pixels. Fourth, the end user has a limited choice of programs from which to make a 
selection, and no ability to search for a specific category of programs or a specific program and 
then select a preferred program of their choice. By contrast, an on-line service, using computer 
technology will allow an end user to search a database and select a preferred program in the 
fonnat of choice for electronic delivery directly to the end user. 

What is needed is a technology focused on the of delivery of standard and high 
definition television programs, and other image and audio programs, to end users 
electronically, and at data rates which are higher than those used for real time program display. 
This novel delivery method would thereby change the foregoing delivery systems presently 
employed by the entertainment industry which include a physical transportation oriented 
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technology, analog broadcast transmission, non-real time or low resolution streaming video 
technology, to a new digital electronic approach utilizing broadband communications 
technology. 

Summary Of The Invention 
5 The present invention satisfies this need by providing a distribution/delivery system 

with a complete end-to-end integrated delivery system of secure digital video and audio 
programs, and other data that can be delivered at data rates which are a multiple of a program's 
real time data rate. In particular, the system of the present invention may include a long term 
archiving system for conversion of an image program into a digitized form, such as an image 

10 file, a headend system, and an end user system so that the digitized forms that are sent by the 
long term archiving subsystem are received by the headend subsystem and then relayed to the 
end-user subsystem for viewing by the at least one end-user. 

The long term archiving system may further include an image conversion subsystem for 
conversion of image programs captured on film to digitized forms, a digital program playback 

15 subsystem to playback programs which are received from a source in digital format, an audio 
playback subsystem to playback audio programs which are received from a source in digital 
format, an audio conversion subsystem to convert the audio program into a format suitable for 
storage in the long term archiving system, a lossless compression encoder subsystem for 
compressing the digitized forms, a long term storage subsystem for storage of the digitized 

20 forms, an encryption subsystem to encrypt the digitized forms prior to storage in the long term 
storage subsystem, a decryption subsystem to decrypt the digitized forms for viewing on a 
display panel of the long term system, and a management subsystem to manage security of the 
digitized forms and to relay system data and the digitized forms to the headend subsystem. 

The headend system may further include a baseband processing subsystem to receive as 

25 input system data and the digitized forms, for example NTSC or HDTV digital files, a 
distribution subsystem to receive as input system data and the digitized forms from the 
baseband processing subsystem, a radio frequency transmission subsystem to transmit system 
data and the digitized forms between the end-users and the long term archiving subsystem; and 
a management subsystem to provide a management interface with end users and sources of 

30 program materials. 

The end user system may further include a transmission line interface to relay coded 
system data and said digitized forms from the headend system to the end-user subsystem, a 
receiver-decoders subsystem to receive as input the relayed coded system data and the coded 
digitized forms from the transmission line interface in form of the radio frequency bit stream 
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and to produce decoded digitized forms and system data at baseband, a storage playback 
subsystems to store system data and the digitized forms, a secure playback subsystems to 
playback system data and the digitized forms, an automation/scheduling subsystem to direct 
playback of system data and the digitized forms in the secure playback subsystems as 
5 authorized by a management subsystem, and a reverse channel to relay feedback data to the 
headend system from the at least one end user. 

Brief Description Of The Drawings 

Figure 1 is a block diagram of a preferred version of a long term archiving system 
embodying the present invention; 
10 Figure 2 is a block diagram of a preferred version of a headend system embodying the 

present invention; and 

Figure 3 is a block diagram of a preferred version of an end user system embodying the 
present invention. 

Detailed Description Of The Invention 
15 The overall system architecture of the present invention may include three main 

subsystems. 

Referring to FIG. 1, the first subsystem is the Long Term Archiving Subsystem 1, 
which may include a subsystem of Film To Digital Transfer 1 1 for conversion of image 
programs originally captured on film to a digital file, a Program Playback Subsystem 15 which 

20 provides playback of programs received from a source in digital format, along with a Audio 
Playback Subsystem 10 for playback and conversion of source audio programs and further 
conversion of the audio programs into a format suitable for storage in the Long Term 
Archiving Storage Subsystem 13. Also included in the Long Term Archiving Subsystem 1 is 
the Lossless Motion Picture Compressor 12 which first performs lossless compression and 

25 encryption of image files, before their storage in the Long Term Archiving Storage Subsystem 
13. A Long Term Archiving Monitor Subsystem 14 is included to monitor system for viewing 
decrypted program files on a program display, and a Long Term Archiving Management 
Subsystem 16 which provides record keeping of all program files, contracts with program 
owners, and manages security of the program files and transmissions across the Transmission 

30 Line Interface 17 to the Headend System 2. 

Referring to FIG. 2, the second system is the Headend System 2, which may include a 
Baseband Processing Subsystem 200, a Distributed Storage Subsystem 220 for distribution of 
digitized programs and data files, a Radio Frequency Transmission Subsystem 240 for 
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transmission of program and data flies to various users, and a Headend Management 
Subsystem 260 for management of program files and databases. 

Referring to FIG. 3, the third system is the End User System 3, which may include 
Transmission Line Interfaces 300 at end user sites designated to receive program and data files, 
5 Receiver-Decoders 305, Storage Playback Subsystem 320, Secure Playback Subsystem 360, 
Automation/Scheduling Subsystem 330, and Reverse Channel 350 which provides data back to 
the Headend System 2 from the End User System 3. 

A more detailed description of the operation of the present invention is provided below 
while referencing the foregoing Figures to better illustrate the different embodiments of the 
10 present invention and their enumerated subsystems. 

A. Long Term Archiving System 

As illustrated in FIG- 1, the Long Term Archiving System 1 includes provision for 
conversion of the original camera film negative of images, such as motion pictures, to a digital 
representation converting from film to a digital file, utilizing the Film To Digital Transfer 1 1 

15 subsystem to create a master digital program image file. The Long Term Archiving System 1 
accommodates digital program image files which were converted from all the various film 
formats and aspect ratios, including but not limited to 8 millimeter, 16 mm, and 35 mm film 
formats, and 1.33,1.37, 1.66, and 1.85 aspect ratios, and digital program image files which may 
contain one or more still images. 

20 The Long Term Archiving System 1 also includes a Program Playback Subsystem 15 

which provides for playback of program images captured with video cameras and other capture 
technologies, and for the conversion of such programs into master digital program image files. 

After creating the master digital program image file, the master digital program image 
file is losslessly compressed and then encrypted in the Lossless Motion Picture Compressor 12, 

25 as directed by a Long Term Archiving Management Subsystem 16, utilizing an encryption 
technique and a conditional access system which has been standardized for use by the Long 
Term Archiving Subsystem 1, the Headend Subsystem 2, and the End-user Subsystem 3. 

Program audio files associated with program image files are obtained from magnetic 
tapes, or from optical audio files on film. The original audio files may be in a number of 

30 formats including analog, digital uncompressed, and digital compressed utilizing several 
alternative compression algorithms such as MP1, AC-3, or DTS. The analog audio files are 
converted to digital uncompressed format and then stored in the Long Term Archiving Storage 
Subsystem 13. Digital audio files are stored in the Long Term Archiving System 1 without 
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further processing or with lossless compression. The Audio Playback Subsystem 10 provides 
for later playback and conversion of source audio programs where a system layer is utilized to 
combine the audio and image files, using time stamps for both the audio and video so that 
features such as lip synchronization can be maintained when the audio and video files are later 
5 combined for display. 

The Long Term Archiving System 1 may also include Long Term Archiving 
Management Subsystem 16 which may further include a Database Management System 18 and 
a Conditional Access System 19 which are used to keep records of digital program image files, 
digital audio files, and other data files, and to assure that program files are encrypted and stored 
10 in accordance with the program owner's instructions, and to ensure that transmission of a copy 
of an encrypted digital program file to the headend system is only done upon receipt of a valid 
authorization. 

A Long Term Archiving Monitor Subsystem 14 is also provided to allow a system 
operator to review program files, and to monitor and control the performance of the Long Term 
15 Archiving System 1. 

The delivery of the encrypted digital program files from the Long Term Archiving 
System 1 to the Headend Subsystem 2 is then accomplished using a secure method of 
transmission provided by the Transmission Line Interface 17, or by a physical delivery. 

B. Headend System 

20 The Headend Subsystem 2 may further include the subsystems of Baseband Processing 

200, Distribution Storage 220, Radio Frequency Transmission 240, and Headend Management 
260. Below is a more detailed description of each subsystem as illustrated in FIG. 2. 

1. Baseband Processing Subsystem 

In the present invention, the delivery of a digitized program file is authorized by the 
25 Subscriber Management System 263 (SMS) of the Headend Management Subsystem 260. An 
encrypted electronic request for delivery of a specific digitized program file from the Long 
Term Archiving System 1 to the headend is sent to the Long Term Archiving System 1, under 
the direction of the SMS 263. Upon acceptance of the message, which contains conditional 
access authorization information, the Long Term Archiving System 1 delivers an encrypted 
30 copy of the requested file to the headend system. The encrypted digital program file may 
include a digital program image file, a digital audio file, one or more other data file, and 
conditional access messages. The delivery of the program files may be over a secure 
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transmission line of Transmission Line Interface 17, or by transportation of physical media, 
such as disks. 

Upon receipt of the digital program files from the Long Term Archiving System 1 via 
the Transmission Line Interface 17, a first File Server 201 directs the files into the Headend 
Archiving Storage Subsystem 202 of the Baseband Processing Subsystem 200, where the files 
are stored as received from the Long Term Archiving Management Subsystem 16, for later 
distribution. 

The functions of the File Server 201 may include: 

1. Management of storage of the encrypted program image and audio files, together 
with all timing and program associated data, onto the Headend Archiving Storage 
Subsystem 202. 

2. Playback of the stored program files from the Headend Archiving Storage 
Subsystem 202. 

3. Decryption and separation of the program files into lossless program image and 
audio files. 

The Headend Archiving Storage Subsystem 202 stores a number of lossless program 
image files, audio files and other data files, and is able to playback on demand program image, 
audio, and other data files. Safeguards such as 1:1 redundant fail safe protection can be 
included. If a practical limitation exists in a system specific on the amount of available storage 
capacity, at any given time the Headend Subsystem 2 may then store in the Headend Archiving 
Storage Subsystem 202 only the program files to be distributed over a period of several weeks. 
In this configuration, the system design may include an added feature of choosing a period of 
time in which each program is to be archived at the headend, and a method for disposition of 
the file when the storage/distribution period ends. 

Upon a request from the Program File Management System 261 and authorization by 
the Conditional Access Security System 262 located in the Headend Management Subsystem 
260, a digital program is sent to the Signal Processing Subsystem 210 of the Baseband 
Processing Subsystem 200. The Signal Processing Subsystem 210 may include a 
Demultiplexor/Decryptor 201, an Audio Baseband Processor 212, an Audio Compressor 213, a 
Lossless Program Image-decompressor 214, a Program Image Preprocessor 215, a Lossy 
Program Image-compressor 216, and a Data/Authorization Interface Module 217. 

In one example of the operation of the Signal Processing Subsystem 210 regarding the 
digital program image file, the image file is first separated and then decrypted by the 
Demultiplexor/Decryptor 201, then undergoes lossless decompression in the Lossless Program 
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Image-decompressor 214 so that the original digital program image file is recovered. The 
Program Image Preprocessor 215, under the direction of the Program File Management System 
261 further converts the original digital program image file into a reduced program image file 
which is appropriate for the user specified requirement. The reduced program image file may 
5 have been preprocessed to provide an image resolution of 480 x 720, or 1080 x 1920 or any 
number of formats consistent with presentation of NTSC, PAL, HDTV, etc. on an end user 
display. The reduced program image file is then compressed again in the Lossy Program 
Image-compressor 216 utilizing a lossy compression algorithm such as MPEG2, as directed by 
the Program File Management System 261 of the Headend Management Subsystem 260, 

10 resulting in a compressed program image file, which can be transmitted utilizing a much lower 
bandwidth then would otherwise be required without lossy compression. 

The digital audio file is also separated and decrypted by the Demultiplexor/Decryptor 
201 and sent to Audio Baseband Processor 212 which identifies the compression algorithm 
used on the original digital audio file, if any, and decompresses the audio file into an original 

15 uncompressed program audio file. Then, the program audio file is compressed again in the 
Audio Compressor 213 utilizing a compression algorithm specified by the Program File 
Management System 261, for example, as the MPEG Standard, Advanced Audio Coding 
(AAC) algorithm. The AAC algorithm provides efficient coding of monaural, stereo, and 
multi-channel audio. The AAC can achieve reduction of audio files by a factor of 10: 1. 

20 The outputs of the digital program image, the digital audio compressors, and the data 

interface module are then forwarded to the Multiplexor/Encryptor 203 which packets the 
incoming bit streams, and forms the packets into a serial multiplexed bitstream similar to, for 
example, the format of the System Layer of MPEG2. Each packet in the bitstream is then 
encrypted with a very powerful encryption algorithm such as the triple Data Encryption 

25 Standard (Triple DES) which uses a 168 bit key, or to use the Digital Video Broadcast (DVB) 
standard, which has been widely adopted. The Conditional Access Security System 262 
provides the instructions to the conditional access engine in the Multiplexor/Encryptor 203, 
which in turn enables the encryptor. The output of the Multiplex/Encryptor 203 is then sent to 
the Distribution Subsystem 220. 

30 

2. Distribution Storage Subsystem 

The output of the Baseband Processing Subsystem 200 is then routed by a second File 
Server 218 into the Distribution Storage Subsystem 220. The Distribution Storage Subsystem 
220 provides short-term storage of programs for which transmission to End-users Subsystem 3 
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is reasonably imminent. Digital program files in this storage system may include program files 
derived from the same original digital program file but of different resolution, such as NTSC 
and HDTV program files. Upon command of the Subscriber Management System 263 in the 
Headend Management Subsystem 260, the second File Server 218 reads out the packets of 

5 multiplexed digital program files, and adds program associated data, particularly 
authorizations, to the multiplexed bit stream. The Subscriber Management System 263 also 
defines the read-out rate of the output bit stream, consistent with the data rate of the 
transmission system. For example, if the transmission system is capable of a 64 mbps 
information data rate, then a digital program file that has a normal data rate of 4 mbps can be 

10 transmitted at a data rate 16 times its normal rate. Thus the transmission time of a 120-minute 
program will be less than 8 minutes. 

The output bit stream of the Baseband Processing Subsystem 200is thus forwarded via 
the second File Server 218 and the Distribution Storage Subsystem 220 to the Modulator-Tuner 
242 of the Radio Frequency Transmission Subsystem 240, described below. 

15 

3. Radio Frequency Transmission Subsystem 

As illustrated in FIG. 2, the Radio Frequency Transmission Subsystem 240 may 
include a Modulator-Tuner 242, a Transmission Line Interface 246, an Inbound User Data 
Transmission Subsystem 241, a Data Encryptor 243, a Message Handler 244 and a User File 
20 Server 245. 

The specifications of the Modulator/Tuner 242 depends upon the transmission media 
chosen for distribution. One preferred version of the present invention, as discussed below, 
uses satellite transmission for distribution to end users, However, alternative transmission 
media such as microwave, coaxial cable, and fiberoptic cable can be used for delivery of digital 

25 electronic program to classes of users. 

Currently, channel coding for satellite transmission of digital TV utilizes QPSK 
modulation, with rate 1/2 to rate 5/6 convolutional coding and Reed Solomon forward error 
correction. With these technologies the net bits per symbol is about 1.7, and the coding gain is 
about 4.5 dB, resulting in a threshold Eb/No at the receiver demodulator of about 5.5 dB. 

30 Recent advances in coding technology have led to an effort by many companies to bring into 
production a 16PSK modulation, with rate 3/4 trellis code, thus achieving a net of 3 bits per 
symbol, and a coding gain of about 6.6 dB. This new modulator design is predicted to achieve 
equivalent receiver threshold of about 5.5 dB, but with over a one-third reduction in occupied 
bandwidth. Thus a 96 Mbps modulator will require about 32 MHz of bandwidth. Other 
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channel coding techniques, well-known to those skilled in the art, can be used in the present 
invention. 

The tuner may provide, for example, a L Band output having a carrier which is chosen 
to provide the authorized satellite transponder frequency after upconversion by the upconverter 
5 module (which follows the tuner). The carrier output frequency is electronically 
programmable, and is assigned by the broadcast operations module of a distribution 
management module. 

If a satellite transmission medium is used, the satellite uplink transmission system may 
include an upconverter, an interfacility link (between the modulator/tuner and the upconverter), 

10 a power amplifier, and an uplink antenna. In a preferred embodiment of this aspect, small 
antenna "dishes" are used by the end users to comply with governmental regulations, and 
address the security concerns, construction costs and antenna costs associated with large 
dishes. For these reasons, as well as C band frequency congestion problems, a preferred 
version of the present invention uses Ku band link implementation, which allows use of 

15 smaller dishes. In yet another preferred embodiment geared toward reducing the higher hourly 
transponder costs and significantly higher rain attenuation of Ku band links, lower frequency 
links are used. The antenna dish sizes for the uplink and the downlink are chosen based on the 
link reliability objective, and the power output of the chosen high power amplifier. It is 
expected the uplink antennas will be sized for a reliability of 99.99% availability, resulting in a 

20 Ku band uplink antenna size of about 7 meters in diameter, and the downlink will be sized for a 
reliability of 99.9% availability resulting in a Ku band downlink antenna size of about 0.6 
meters. 

In a Ku band uplink system, for example, an incoming L band signal from the 
modulator/tuner, which is within the frequency band 950 to 1450 MHz, is upconverted to the 
25 frequency band 14.0 to 14.5 GHz. The output of the upconverter is amplified by a Ku band 
power amplifier. A four port orthomode transducer is then used in conjunction with a 
switching system to provide uplink capability in either right or left hand polarization, together 
with the ability to receive the downlink signal for signal monitoring and performance 
verification. 

30 Uplink signal power level is electronically controlled to provide automatic modification 

of uplink power during uplink rain fades. The objective is to keep the uplink signal strength 
constant at the input to the satellite transponder receiver. If the uplink signal uses an entire 
transponder, a transponder with automatic level control is preferred. The electronics modules 
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of the uplink system preferably have 1:1 redundancy and automatically switchover should a 
failure occur, as directed by a monitor and control system. 

In a preferred version of the present invention, the Inbound User Data Transmission 
241 channel enables either the Headend Subsystem 2 to receive responses to inquiries from the 
End-user Subsystem 3, such as for playback information, security status, or end user module 
performance status. The Headend Subsystem 2 also can receive confirmation of inputted data 
such as authorizations, entitlement modifications, or financial or administrative messages. 
Additionally, the End-user Subsystem 3 can use the data link to make inquiries of all kinds, 
update information, provide statistical information, and to pay for services electronically. The 
Inbound User Data Transmission 241 channels provide the Headend Subsystem 2 with the 
ability to receive data and messages from not only the End-user Subsystem 3, but also the 
studios, suppliers, financial institutions, and other entities which need technical and/or 
administrative data interfaces with the Headend Subsystem 2. 

Sensitive data sent to the Headend Subsystem 2 may be encrypted by the Data 
Encryptor 243 so that encrypted data, as well as data which has not been encrypted, can be 
routed to its destination address, acknowledged if applicable, and stored if appropriate. An 
internal Message Handler Router 244 is used to forward data to applicable Outbound 
Transmission Lines 247 as required. The routing of technical and administrative data is 
accomplished via a local area network (LAN) with appropriate security safeguards, such as 
multi-level passwords and firewalls to prevent unauthorized access. 

4. Headend Management Subsystem 

The Headend Management Subsystem260 may include a Conditional Access Security 
Subsystem (CASS) 262, a Subscriber Management System (SMS) 263, a Program File 
Management System (PFMS) 261, and a Data File Management System (DFMS) 264. 

Access to the digital program files is controlled by the CASS 262 for the following 
reasons: 

1 . To ensure that only authorized playback of the files occurs. 

2. To ensure that the terms and conditions of the contracts between program owners, 
distributor, service provider, and end user are enforced. 

3. To ensure that the revenues derived from the playback of the files are retrieved for 
the distributor and the service provider. 

4. To prevent piracy of the files. 
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5. To ensure that the files in storage media cannot be accessed without authorization 
and accountability. 

6. To ensure that any other sensitive data or files cannot be accessed, or altered, 
without authorization and accountability. 

The CASS 262 manages the flow of entitlements (authorization information), and other 
information such as program, audio, and data bit streams to their destinations (for example, the 
end user receiver-decoder, storage, and playback systems, the archiving storage systems, and 
through the encryptors and decryptors). Entitlements originate in the SMS 263, which contains 
a database on all the deal memos between distributors, service providers, end users, and other 
subscribers, and contract information on any other services including any conditional access 
requirements. The CASS 262 also provides a very high level of both physical and electronic 
system security to regulate the viewing of files at the destination, and to eliminate the ability of 
pirates to intercept files and view their contents. 

The CASS 262 may include four subsystem which provide control, security, and 
distribution of program and data files. These subsystems are: 

1. Entitlement Management Center (EMC) which receives the end user/subscriber 
data and program/data file access data (CAD) from the DMS. The EMC constructs 
Entitlement Management Messages (EMM) from this received data. 

2. Entitlement Controller (EC) which generates the following data packets which 
provide entitlement instructions: 

* (a) An Entitlement Control Message (ECM) is created by combining the 
program/data file access data with an authentication signature; 

(b) An authorizing key (Control Word) is also created for each program/data file, 
and delivered to the encryptor. The Control Word governs how the file will be 
encrypted and later decrypted at the receiver-decoder. It is not broadcast to the receiver 
decoder. 

(c) In addition to creating the above data packets, the EC forwards the EMM to the 
receiver-decoder. 

3. Conditional Access Module (CAM) 3 1 1 which resides in the Receiver-Decoder 305 
of the End-user Subsystem 3, and controls access to the incoming files. This 
module may, for example, consist of an ISO Smart Card reader and a Smart card. 
The Smart Card reader manages the exchange of information between the Smart 
Card and the receiver-decoder. Upon receipt of an entitlement message, the Smart 
Card reader verifies that the entitlement message is authentic, and then compares 
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the entitlement data in the received message with the entitlement data resident in 
the Smart Card. If they match, the appropriate Control Word is generated to be 
used by the decryptor to unscramble the program/data file. 
4. Callback capability which also may be provided to allow the receiver-decoder to 
call the EMC, or the EMC to call the receiver-decoder. The EMC can receive data 
back from the end user/subscriber Smart Card. This data includes end 
user/subscriber identification, stored transactional information such as number of 
playbacks, and equipment status reports. The EMC may also call the receiver- 
decoder to deliver new data to the Smart Card. 
The SMS 263 manages the distribution of the program and data files, and the flow of 

traffic and timely operation of the various subsystems of the Headend 2 and the End-user 3 

subsystems. The SMS 263 is tasked to: 

1. Keep a current and historical record of program owners, distributors, and end users. 

2. Keep a record of deal memos, including a breakdown of all contract requirements 
imposed on the service provider and the end user. 

3. Provide a Billing System which will provide financial analysis and statements 
related to the financial terms of the individual deal memos. 

4. Generate conditional access information which is delivered to the CASS 262 for 
further processing into Entitlement Management Messages, which are used to 
enable the Demodulator 310 in the Receiver-Decoder 305 of the End-user 
Subsystem 3. 

5. Enable the release of files from the Long Term Archiving Storage System 13, the 
Headend Archiving Storage Subsystem 202, and the Distribution Storage 
Subsystem 220, including providing authorization information to the CASS 262, 
and providing instructions to the storage systems to playback files, or portions 
thereof. 

6. Provide a Traffic/Scheduling System which provides scheduling information to all 
subsystems of the Headend 2and End-user 3 Subsystems which must conduct timed 
operations. This system also receives feedback from the End-user Systems 3, for 
example, as played information, requests to reschedule playback, and other requests 
which require initiating new entitlement messages. 

7. Provide an Automation/Scheduling Subsystem 330 which receives the 
traffic/scheduling information and then actuates the operational equipment as 
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scheduled. Upon initiation and completion of these tasks, the Automation System 
provides timely reports back to the SMS. 

8. Provide a Customer Service organization which provides a customer-friendly 
interface, particularly for assistance of customers with trouble-shooting problems 

5 and resolution of customer complaints. 

9. Provide interactive data exchange between the SMS 263 and the other software 
systems. 

The SMS 263 contains sensitive data which must be protected from unauthorized 
access and therefore, may include multi-level password protection, firewalls at data I/O ports, 

10 and sufficient redundancy of the hardware to prevent loss of records. 

The Program File Management System (PFMS) 261 provides a database of all the 
program files in the Headend Subsystem 2, and at end-user locations. A database record is 
created for each program file, with a separate record for each program image, audio, and 
associated data file. The record is expanded and updated each time a program file is processed 

15 at the headend to include its status, location, copies if any, type of processed file, and 
modifications. A separate database is kept of all program files which are received from the 
Long Term Archiving Storage System 13. This database includes historical information on 
who, why, when, and what was accessed, and the authorization information. The PFMS 261 
also keeps individual records of program files stored in the end user storage systems and the 

20 purging thereof The PFMS 261 provides status reports on a routine basis, and exception 
reports on an urgent basis when certain operations, such as purging, fail to occur as scheduled. 
These reports are provided to the SMS 263. 

The Data File Management System (DFMS) 264 serves a function equivalent to that of 
the PFMS 261, except the files which are managed are non-program files. These files could 

25 include data such as program associated files, data describing a particular program, its 
production, and other historical data concerning a program file which might interest an end 
user or the program audience. The data could include subtitles, teletext, special interest 
information, and a myriad of other possible data transfers between the service provider, 
distributor, and end user. In some cases the data is encrypted, in other cases it is not. The 

30 DFMS 264 keeps records of all the data files, their location, and historical information on the 
processing, access and disposition of the data files. 
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C. End-User Subsystem 

The End-User Subsystem 3 may include Transmission Line Interfaces 300, a Receiver- 
Decoder subsystem305, a Storage Playback Subsystem 320, a Secure Playback Subsystem 360, 
an Automation/ Scheduling Subsystem 330 and a Reverse Channel 350. Below is a more 
detailed description of each such feature. 

1. Transmission Line Interfaces 

Program and data files can be delivered by a satellite communication link, or terrestrial 
communication links such as microwave, coaxial cable, or fiber-optic cable via the 
Transmission Line Interface 300. If, for example, a satellite transmission medium is used, the 
earth station transmission system may comprise a down-converter, an interfacility link 
(between the down-converter and the demodulator/tuner), and a downlink antenna. 

In a preferred version of the present invention, a Ku band link is utilized with a small 
antenna (dish) mounted on the roof of end users. The dish size is a function of the desired 
reliability of the transmission link from the headend to the end user. For example, for 
programs which are delivered only for storage on the end user storage system, link outage 
probability of three hours a month may be reasonable. In general, dish size is in the range of 
0.5 meter to 2.4 meters in diameter. 

The received signal of such a link is collected by the antenna and forwarded to a low 
noise down-converter which converts the Ku band signal to a signal in the 950 to 1450 MHz 
band. The low noise down-converter has sufficient gain to allow an interfacility link coaxial 
cable to be run from the antenna location to the indoor demodulator/tuner of the indoor 
receiver-decoder. 

The Reverse Channel 350 provides an outbound data channel so that two-way data 
communications can be established between the Headend Subsystem 2 and the End-user 
Subsystem 3. The outbound channel can be used for many purposes including sending 
inquiries, playback information, security status, end user module performance, confirmations, 
electronic payments, and e-mail. Data packets within the bit stream of an outbound data 
channel may be encrypted in accordance with instructions from the CASS 262. 

The outbound data channel can utilize satellite or terrestrial transmission media. If, for 
example, satellite transmission is utilized, then a low power uplink transmitter is provided. 
This uplink transmitter is interfaced to a transmit port of the antenna. In a preferred version, 
the uplink transmitter includes a medium power amplifier (0.5 to 2.0 watts), an up-converter 
from the frequency band 950 to 450 MHz to the satellite receive transponder frequency, and a 
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modulator/tuner which receives outbound (reverse) data from the end user system and provides 
a radio frequency carrier, which is chosen to provide the authorized satellite transponder 
frequency after up-conversion by the up-converter module (which follows the tuner). The 
carrier output frequency is electronically programmable, and is assigned by the broadcast 
5 operations module of the SMS. 

2. Repeiver-Decoder 

The Receiver-Decoder 305 may include a Tuner/Demodulator 310, a System 
Demultiplexer 312, a Microprocessor/Controller 313, and a Conditional Access Module 
(CAM) 3 11. 

10 In a system utilizing satellite transmission, for example, transmission may be at 96 

Mbps with 16PSK modulation and a 3/4 rate trellis code. This provides a net of three bits per 
symbol at a symbol rate of 24 megasymbols per second, and a coding gain of 6.6 dB. Other 
channel coding techniques, well-known to those skilled in the art, can be used in the present 
invention. 

15 In a preferred embodiment, the Receiver-Decoder 305 operates in L band, where an L 

band tuner of the Tuner/Demodulator 310 is tuned to a specific L band frequency associated 
with a specific downlink satellite transponder. The output of the tuner is demodulated to a 
baseband digital bit stream, and then forward error correction is utilized to remove possible bit 
errors that may have occurred in transmission. The resultant bit stream is an encrypted, 

20 multiplexed bit stream containing audio, program image, and data information. 

The System Demultiplexor 312 then separates the bit stream into its components of 
audio, program image, and data bit streams. The resultant bit streams are then forwarded to the 
appropriate ports or interfaces under direction of a microprocessor/controller. 

The Microprocessor/Controller 313 provides instructions which direct the activities of 

25 all the input/output ports, and does all the housekeeping tasks necessary to provide a 
functioning receiver-decoder. It may also compare a user profile stored in User Profile 314 or 
Storage Media 3 15 with an incoming data message describing a specific user profile, and either 
accept or reject the incoming bit stream. If the incoming bit stream is accepted as valid for a 
particular receiver-decoder, then entitlement information is passed to the CAM 31 1 for further 

30 processing. In addition, the Microprocessor/Controller 313 accesses the Receiver-Decoder 305 
memory in User Profile 314 or Storage Media 315 which may contain instructions and 
messages such as error messages. These messages can be displayed locally or forwarded to the 
headend via the reverse channel. 
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A CAM 311 first receives EMM and ECM data from the Headend Subsystem 2, 
verifies the authenticity of the data, compares the data with stored information, for example, in 
a Smart Card, and, if validity is established, generates a key word necessary to enable the 
Decryptor 361. In a preferred version of the present invention, the key word is generated on a 
packet by packet basis. In this case, each location which has an encryptor and/or a decryptor 
has an associated Receiver-Decoder 350 with a CAM 311. These locations include the Secure 
Playback System 360, and the User Data Transmission 351. The key word is transferred to the 
encryptor/ decryptor in a secure environment. For example, removal of the Smart Card or the 
CAM 31 1 from the Receiver-Decoder 350 disables the Receiver-Decoder 350. 

3. Storage Play back System 

Each current authorized program is stored in compressed and encrypted form in a 
storage media. In a preferred version of the present invention, rewriteable non-removable hard 
drives are used. Other storage media, well-known to those skilled in the art, can be used in the 
present invention. The selection of the storage media is predicated not only on capacity, 
redundancy, I/O ports, access time, throughput, and file transfer rate, but also on the security 
needs of the system. 

For example, the storage media may have over 18 gigabytes of storage that can record 
at a data rate of at least 8 megabytes per second, and playback at data rates ranging 0.1 to 8 
megabytes per second. For end users with multiple visual displays, the storage media is sized 
to provide storage for all program files. 

The Automation Scheduling System 330 (described below) delivers each program file 
to a secure playback system at a time specified and authorized by the CASS 262. When a 
particular program file is displayed for the last authorized time, the storage media is 
automatically erased and another authorized program file may be stored in its place. 

4. Secure Playback System 

The Secure Playback System 360 may include the following subsystems: 

1 . Demultiplexor/Program Image& Audio Decryptor 361. 

2. Output port for audio; 

3. Program Image Decompressor 362; 

4. Program Audio Decompressor 363; 

5. Visual Playback Display 364; and 

6. Interface with a CAM when there is a separate CAM for each subsystem that either 

encrypts, decrypts, stores, or forwards encrypted or entitlement data. 
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In a preferred version, the Secure Playback System 360 is designed so that decryption 
of the program image takes place within the Secure Playback System 360 with sufficient 
security to prevent interception of the decrypted program image file. It is a sealed assembly 
which if opened not only causes the loss of the stored program file, but also makes the 
5 playback inoperable until serviced by an authorized field service technician. 

The Demux/ Program Decryptor 361 receives encrypted files from local storage, 
separates program image, audio, and data files into separate bit streams, then decrypts them 
and provides the outputs to the Audio Decompressor 363 and Program Image Decompressor 
362. 

10 In the preferred embodiment, separate program image, audio, and data decompression 

units are employed. In such systems, each decompression unit has sufficient programmability 
so that a variant of ISOMPEG2 coding technology can be used at present, while allowing 
decompression units to be upgraded to ISOMPEG4 and beyond in the future. The ISOMPEG2 
System transport layer may be employed to ensure that appropriate synchronization is 

15 maintained between the audio and the program image. 

Advanced Audio Coding(AAC), ISOMPEG4 Part 7, which currently provides the most 
efficient 5.1 channel audio available, may be used as an audio coding algorithm, although any 
other audio coding algorithms can be accommodated. Other program and audio coding 
algorithms > well-known to those skilled in the art, can be used in the present invention. 

20 The Visual Playback Display 364 is preferably designed to meet high quality display 

requirements of HDTV. These requirements may include display of up to 2 million pixels for 
each of 30 frames per second. The display unit may be physically separated from the other 
subsystems of the secure playback system. Cabling between subsystems which contains 
decrypted, decompressed program information is physically and electronically secure. For 

25 example, a shielded armor cable may be used with a special electronic continuity signal which 
detects when an end of the cable is disconnected from the display. Upon the occurrence of 
such an event, the secure playback system is disabled until re-authorized by the CASS 262. 

5. Automation/Scheduling System 

Within the bit stream provided by the Headend Subsystem 2 to a specific end user is a 
30 playback schedule. This schedule defines the authorized playback dates and number of 
playbacks for each program file and for each display of the end user. The 1 
Automation/Scheduling Subsystem 330 schedules these playbacks, and provides the necessary 
machine control to automatically play the programs at the scheduled times. 
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An end user operator interface provides the end user with the ability to define and 
modify the schedule of the playbacks, within the authorization parameters, such as changing 
play times, and which displays are showing which programs. Such changes require 
notification of the headend. Changes which do not violate contractual terms are automatic, 
5 requiring only a change in the distribution records. Changes which modify the terms of an 
existing contract between End User, Program Owner, Distributor, and Service Provider are 
verified and authorized by the SMS 263 once accepted by the parties to the contract. 

6. Reverse Channel 

The Reverse Channel 350 provides data back to the Headend Subsystem 2 and the 
10 program owner or distributor from the end user. The data includes status information, as 
played information (actual times of playback), purges (erasure of program files), trouble 
reports and error messages, diagnostic information, and other messages related to the health 
and welfare of the end user system. The Reverse Channel 350 also may be used for 
administrative and financial information. Since the reverse channel provides the end user with 
15 a two-way data capability (utilizing the forward data transmission capability of headend 
transmission system), interactive data applications can be utilized to provide interactive 
experiences to end user audiences. 

Other embodiments of the invention will be apparent to those skilled in the art from 
consideration of the specification and practice of the invention disclosed herein. It is intended 
20 that the specification and examples be considered as exemplary only. 
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What is claimed is: 

1. A system for delivery of electronic image programs to at least one end user, 
including a home viewer, comprising: 

a long term archiving subsystem for conversion of an image program into a 

digitized form; 

a headend subsystem; and 

an end-user subsystem so that said digitized form sent by the long term 
archiving subsystem is received by the headend subsystem and relayed to the end-user 
subsystem for viewing by the at least one end-user. 

2. The system of Claim 1, wherein the long term archiving subsystem further 
comprising: 

an image conversion subsystem for conversion of image programs captured on 
film to digitized forms; 

a digital program playback subsystem to playback programs which are received 
from a source in digital format; 

an audio playback subsystem to playback audio programs which are received 
from a source in digital format; 

an audio conversion subsystem to convert the audio program into a format 
suitable for storage in the long term archiving system; 

a lossless compression encoder subsystem for compressing said digitized forms, 

a long term storage subsystem for storage of the digitized forms; 

an encryption subsystem to encrypt the digitized forms prior to storage in the 
long term storage subsystem; 

a decryption subsystem to decrypt the digitized forms for viewing on a display 
panel of the long term system; and 

a management subsystem to manage security of the digitized forms and to relay 
system data and said digitized forms to the headend subsystem. 

3. The system of Claim 1 , wherein the headend subsystem further comprising: 

a baseband processing subsystem to receive as input system data and said 
digitized forms from the long term archiving subsystem; 

a distribution subsystem to receive as input system data and said digitized forms 
from the baseband processing subsystem; 
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a radio frequency transmission subsystem to transmit system data and said 
digitized forms between the end-users and the long term archiving subsystem; and 

a headend management subsystem to provide a management interface with end 
users and sources of program materials. 

4. The system of Claim 1 , wherein the end-user subsystem further comprising: 

a transmission line interface to relay coded system data and said digitized forms 
from the headend system to the end-user subsystem; 

a receiver-decoders subsystem to receive as input the relayed coded system data 
and said digitized forms from the transmission line interface in form of the radio frequency bit 
stream and to produce decoded digitized forms and system data at baseband; 

a storage playback subsystems to store system data and said digitized forms; 

a secure playback subsystems to playback system data and said digitized forms; 

an automation/scheduling subsystem to direct playback of system data and said 
digitized forms in the secure playback subsystems as authorized by the headend management 
subsystem; and 

a reverse channel to relay feedback data to the headend system from the at least 

one end user. 

5. The system of Claim 2, wherein the long term archiving subsystem further 
comprising: 

a database management subsystem; and 

a conditional access subsystem so that the database management subsystem to 
keep record of said digitized forms, said system data, said audio and digital programs received 
from a source in digital format, and upon receipt of an authorization message from the headend 
system to encrypt and then transmit to the headend system said digitized forms, said system 
data, said audio and digital programs received from a source in digital format, with said 
conditional access subsystem to determine the validity of said authorization message. 

6. The system of Claim 2, wherein the long term archiving system further 
comprising: 

a monitor subsystem to allow a system operator to review digitized forms, and 
to monitor and control the performance of the long term archiving system. 
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7. The system of Claim 3, wherein the baseband processing subsystem further 
comprising: 

a first file server; 

a headend archiving storage subsystem; 
a signal processing substation; and 

a multiplex/encryptor module so that the first file server directs said digital 
forms and system data received from the headend subsystem to the headend archiving storage 
subsystem for storage and later retrieval and forwarding to the signal processing substation 
which would then output to the multiplex/encryptor module. 

8. The system of Claim 7, wherein the signal processing substation further 
comprising: 

a demultiplexor module to separate the received image and audio portions of 
said digitized forms and to separate the system data; 

a decryptor module to decrypt the encrypted image and audio portions of said 
digitized forms and system data; 

an audio baseband processor module to decompress the said decrypted audio 

portions; 

an audio compressor module to compress the decompressed audio portions 
according to a specific compression algorithm; 

a lossless image-decompressor module to decompress the image portions into 
the original decompressed image portion; 

a program image preprocessor module to convert the decompress image portion 
into an end-user specified requirement; 

a lossy program image-compressor module to compress the converted image 

portion; and 

a data interface module to communicate with the headend managements 
subsystem to seek authorization to enable said modules to proceed. 

9. The system of Claim 3, wherein the headend management subsystem further 
comprising: 

a conditional access security subsystem (CASS); 

a subscriber management subsystem (SMS) comprising of a database to keep 
record of subscribers and associated transactions; 
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a program file management subsystem (PFMS); and 

a data file management subsystem (DFMS) so that the CASS regulates the flow 
of authorization information, and system data from the DFMS and the PFMS to the baseband 
processing subsystem, and from the SMS to the baseband processing subsystem and to the long 
term archiving system. 

10. The system of Claim 9, wherein the CASS further comprising: 

an entitlement management center to receive the user data, digitized forms and 
system data file from the DMS and to construct a entitlement management message (EMM) 
from the received data; 

a entitlement controller to generate a plurality of entitlement packets containing 
entitlement instructions and authorization information; 

a conditional access module (CAM) to authenticate the entitlement packets for 
the end-user subsystem. 

1 1 . The system of Claim 10, wherein the CASS further comprising: 

a call back subsystem to enable system communication between the entitlement 
management center and the end-user subsystem. 

12. The system of Claim 9, wherein the SMS further comprising: 

a system to manage the distribution of digitized forms and system data, to 
monitor and regulate the timely the flow of network traffic, to monitor the operation of said 
subsystems in the headend subsystem and the end-user subsystem, to enable the release of 
digitized forms from the long term storage system, and to provide conditional access 
information. 

13. The system of Claim 9, wherein the DFMS further comprising: 

a database containing a record of all the transacted system data in the system for 
delivery of electronic image programs. 

14. The system of Claim 9, wherein the PFMS further comprising: 

a database containing the digitized forms residing in the headend subsystem and 
the end-user subsystem. 
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15. The system of Claim 4, wherein the receiver-decoders subsystem further 
comprising: 

a tuner module tuned in to a specific radio frequency associated with a satellite 
down link to receive said digitized forms and system data transmitted from the headend 
subsystem; 

a demodulator module to demodulate the digitized forms and system data 
relayed by the tuner; 

a system demultiplexer module to separate the image and audio portions of said 
digitized forms and to separate the system data; 

a microprocessor/controller to monitor all operations of said modules in the 
receiver-decoders subsystem; and 

a conditional access module to verify the authenticity of an end-user request for 
said modules in the receiver-decoders subsystem to engage in said operations. 

16. The system of Claim 4, wherein the storage playback subsystem further 
comprising of : 

a compression subsystem to compress the digitized forms; 

an encryption subsystem to encrypt the digitized forms; and 

a storage subsystem to store the compressed and encrypted digitized forms for 

later retrieval. 

17. The system of Claim 16, wherein the storage subsystem is a rewritable hard 

drive. 

18. The system of Claim 4, wherein the secure playback subsystem further 
comprising: 

a demultiplexer subsystem to separate image and audio portions of said 
digitized forms and to separate the system data; 

a decryptor subsystem to decrypt encrypted image and audio portions of said 
digitized forms and system data; 

an output port for audio to output the audio portions decrypted by the decryptor 

subsystem; 

a program image decompressor to decompress said image portions; 
a program audio decompressor to decompress said audio portions; 



-23- 



WO 00/54507 



PCT/USOO/06156 



a visual playback subsystem to display the separated, decrypted and 
decompressed image portions upon receipt of an authorization; 

an interface with a CAM to seek said authorization from the headend 
management subsystem and to relay said authorization to the visual playback subsystem to 
display the image portions. 

19. The system of Claim 1 8, wherein the decryptor subsystem further comprising: 
a program image decryptor; and 

an audio decryptor so that image and audio portions of said digitized forms 
separated by the demultiplexer subsystem are both decrypted. 

20. The system of Claim 4, wherein the automation/scheduling subsystem further 
comprising: 

an end-user operator interface to provide the end-user with the ability to input a 
instruction in the automation/scheduling subsystem to direct playback of said digitized forms 
subject to the authorization by the headend management subsystem; and 

an notification subsystem to notify the headend management subsystem of said 
instruction and to seek and to relay the authorization from the headend management subsystem 
to the automation/scheduling subsystem to carryout the instruction to playback of said digitized 
forms. 

21 The system of Claim 4, wherein the feedback data further comprising: 

a set of information containing system status, a erasure of said digitized forms, 
problem reports, error messages, diagnostic reports, administrative reports and financial 
reports. 

22. The system of Claim 4, wherein the reverse channel has two-way data 
capabilities so that an interactive data application can interact between the end-user subsystem 
and the headend subsystem. 

23. The system of Claim 1, wherein the image program is a single image. 

24. The system of Claim 2, wherein said digitized form is an image file. 
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25. The system of Claim 2, wherein said management subsystem further comprising 
record-keeping of digitized forms and contracts with program owners. 

26. The system of Claim 3, wherein said radio frequency transmission subsystem 
transmits in form of a radio frequency bit stream. 

27. The system of Claim 3, wherein said management subsystem to perform 
management of controls receipt, management of system security, management of storage, and 
management of transmission of system data and said digitized forms. 
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